Glossary
Term Definition
802.11 The 802.11 standard refers to a family of specifications developed
by the IEEE for wireless LAN technology. The 802.11 specifies an
over-the-air interface between a wireless client and a base station
or between two wireless clients and provides 1 or 2 Mbps
transmission in the 2.4 GHz band with either frequency hopping
spread spectrum (FHSS) or direct sequence spread spectrum
(DSSS).
802.11a The 802.11a standard specifies a maximum data transfer rate of 54
Mbps and an operating frequency of 5 GHz. The 802.11a standard
uses the Orthogonal Frequency Division Multiplexing (OFDM)
transmission method. Additionally, the 802.11a standard supports
802.11 features such as WEP encryption for security.
802.11b 802.11b is an extension to 802.11 that applies to wireless networks
and provides 11 Mbps transmission (with a fallback to 5.5, 2 and 1
Mbps) in the 2.4 GHz band. 802.11b uses only DSSS. Throughput
data rate is 5+ Mbps in the 2.4 GHz band.
802.11g The 802.11g standard specifies a maximum data transfer rate of 54
Mbps, an operating frequency of 2.4 GHz, and WEP encryption for
security. 802.11g networks are also referred to as Wi-Fi networks.
802.1X 802.1X is the IEEE Standard for Port-Based Network Access
Control. This is used in conjunction with EAP methods to provide
access control to wired and wireless networks.
AAA Server Authentication, Authorization and Accounting Server. A system to
control access to computer resources and track user activity.
Access Point (AP) A device that connects wireless devices to another network. For
example, a wireless LAN, Internet modem or others.
Ad Hoc Network A communication configuration in which every computer has the
same capabilities, and any computer can initiate a communication
session. Also known as a device to device network, peer-to-peer
network or a computer-to-computer network.
AES Advanced Encryption Standard. An additional replacement for
WEP encryption.
Available network One of the networks listed under Available networks on the
Wireless Networks tab of the Wireless Configuration Utility
(Windows 2000 environment) or Wireless Network Connection
Properties (Windows XP environment). Any wireless network that
is broadcasting and is within receiving range of the wireless
adapter appears on the list.
BER Bit Error Rate. The ratio of errors to the total number of bits being
sent in a data transmission from one location to another.
Bit Rate The total number of bits (ones and zeros) per second that a
network connection can support. This bit rate varies, under
software control, with different signal path conditions.
Broadcast SSID Used to allow an access point to respond to clients on a wireless
network by sending probes.
BSSID A unique identifier for each wireless client on a wireless network.
The Basic Service Set Identifier (BSSID) is the Ethernet MAC
address of each adapter on the network.
CA Certificate Authority. A corporate certification authority
implemented on a server. In addition, Internet Explorer’s certificate
can import a certificate from a file. A trusted CA certificate is
stored in the root store.
CCX Cisco Compatible eXtension. Cisco Compatible Extensions
Program ensures that devices used on Cisco wireless LAN
infrastructure meet the security, management and roaming
requirements.
Certificate Used for client authentication. A certificate is registered on the
authentication server (for example, RADIUS server) and used by
the authenticator.
CKIP Cisco Key Integrity Protocol (CKIP) is a Cisco proprietary security
protocol for encryption in 802.11 media. CKIP uses a key message
integrity check and message sequence number to improve 802.11
security in infrastructure mode. CKIP is Cisco's version of TKIP.
Client computer The computer that gets its Internet connection by sharing either the
host computer's connection or the Access Point's connection.
DSSS Direct Sequence Spread Spectrum. Technology used in radio
transmission. Incompatible with FHSS.
Draft N Draft N refers to: IEEE P802.11n/D1.0 Draft Amendment to
STANDARD [FOR] Information Technology-Telecommunications
and information exchange between systems-Local and
Metropolitan networks-Specific requirements-Part 11: Wireless
LAN Medium Access Control (MAC) and Physical Layer (PHY)
specifications: Enhancements for Higher Throughput.
EAP Short for Extensible Authentication Protocol, EAP sits inside of
Point-to-Point Protocol’s (PPP) authentication protocol and
provides a generalized framework for several different
authentication methods. EAP is supposed to head off proprietary
authentication systems and let everything from passwords to
challenge-response tokens and public-key infrastructure certificates
all work smoothly.
EAP-FAST Extensible Authentication Protocol – Flexible Authentication via
Secure Tunneling.
EAP-FAST, like EAP-TTLS and PEAP, uses tunneling to protect
traffic. The main difference is that EAP-FAST does not use
certificates to authenticate.
Provisioning in EAP-FAST is negotiated solely by the client as the
first communication exchange when EAP-FAST is requested from
the server. If the client does not have a pre-shared secret Protected
Access Credential (PAC), it can request to initiate a provisioning
EAP-FAST exchange to dynamically obtain one from the server.
EAP-FAST documents two methods to deliver the PAC: manual
delivery through an out-of-band secure mechanism, and automatic
provisioning.
Manual delivery mechanisms can be any delivery
mechanism that the administrator of the network feels is
sufficiently secure for their network.
Automatic provisioning establishes an encrypted tunnel to
protect the authentication of the client and the delivery of the
PAC to the client. This mechanism, while not as secure as a
manual method may be, is more secure than the
authentication method used in LEAP.
The EAP-FAST method can be divided into two parts:
provisioning, and authentication. The provisioning phase involves
the initial delivery of the PAC to the client. This phase only needs
to be performed once per client and user.
EAP-GTC The EAP-GTC (Generic Token Card) is similar to the EAP-OTP
except with hardware token cards. The request contains a
displayable message, and the response contains the string read
from the hardware token card.
EAP-OTP EAP-OTP (One-Time Password) uses the OTP as the response.
The request contains a displayable message. The OTP method is
defined in RFC 2289. The OTP mechanism is employed
extensively in VPN and PPP scenarios but not in the wireless
world.
EAP-SIM Extensible Authentication Protocol-Subscriber Identity Module
(EAP-SIM) authentication can be used with:
Network Authentication types: Open, Shared, and WPA2-Enterprise
Data Encryption types: None, WEP and CKIP
A SIM card is a special smart card that is used by Global System
for Mobile Communications (GSM) based digital cellular
networks. The SIM card is used to validate your credentials with
the network.
EAP-TLS A type of authentication method that uses EAP and a security
protocol called the Transport Layer Security (TLS). EAP-TLS uses
certificates that use passwords. EAP-TLS authentication supports
dynamic WEP key management.
EAP-TTLS A type of authentication method that uses EAP and Tunneled
Transport Layer Security (TTLS). EAP-TTLS uses a combination
of certificates and other security methods (for example,
passwords).
Encryption Scrambling data so that only the authorized recipient can read it.
Usually a key is needed to interpret the data.
FHSS Frequency-Hop Spread Spectrum. Technology used in radio
transmission. Incompatible with DSSS.
File and printer sharing A capability that allows a number of people to view, modify, and
print the same file(s) from different computers.
Fragmentation threshold The threshold at which the wireless adapter breaks the packet into
multiple frames. This determines the packet size and affects the
throughput of the transmission.
GHz Gigahertz. A unit of frequency equal to 1,000,000,000 cycles per
second.
Host computer The computer that is directly connected to the Internet via a modem
or network adapter.
Infrastructure Network A wireless network centered around an access point. In this
environment, the access point not only provides communication
with the wired network, but also mediates wireless network traffic
in the immediate neighborhood.
IEEE Institute of Electrical and Electronics Engineers (IEEE) is an
organization involved in defining computing and communications
standards.
Internet Protocol (IP) address The address of a computer that is attached to a network. Part of the
address designates which network the computer is on, and the other
part represents the host identification.
LAN Local Area Network. A high-speed, low-error data network
covering a relatively small geographic area.
LEAP Light Extensible Authentication Protocol. A version of Extensible
Authentication Protocol (EAP). LEAP is a proprietary extensible
authentication protocol developed by Cisco, which provides a
challenge-response authentication mechanism and dynamic key
assignment.
MAC Address Media Access Control Address. A hardwired address applied at the
factory. It uniquely identifies network hardware on a LAN or
WAN (for example, a wireless adapter).
Mbps Megabits-per-second. Transmission speed of 1,000,000 bits per
second.
MHz Megahertz. A unit of frequency equal to 1,000,000 cycles per
second.
MIC Message Integrity Check (commonly called Michael).
MS-CHAP An EAP mechanism used by the client. Microsoft Challenge
Authentication Protocol (MSCHAP) Version 2, is used over an
encrypted channel to enable server validation. The challenge and
response packets are sent over a non-exposed TLS encrypted
channel.
ns Nanosecond. 1 billionth (1/1,000,000,000) of a second.
OFDM Orthogonal Frequency Division Multiplexing.
PEAP Protected Extensible Authentication Protocol (PEAP) is an Internet
Engineering Task Force (IETF) draft protocol sponsored by
Microsoft, Cisco, and RSA Security. PEAP creates an encrypted
tunnel similar to the tunnel used in secure web pages (SSL). Inside
the encrypted tunnel, a number of other EAP authentication
methods can be used to perform client authentication. PEAP
requires a TLS certificate on the RADIUS server, but unlike EAP-
TLS there is no requirement to have a certificate on the client.
PEAP has not been ratified by the IETF. The IETF is currently
comparing PEAP and TTLS (Tunneled TLS) to determine an
authentication standard for 802.1X authentication in 802.11
wireless systems. PEAP is an authentication type designed to take
advantage of server-side EAP-Transport Layer Security (EAP-
TLS) and to support various authentication methods, including
user's passwords and one-time passwords, and Generic Token
Cards.
Peer-to-Peer Mode A wireless network structure that allows wireless clients to
communicate directly with each other without an access point.
Power Save mode The state in which the radio is periodically powered down to
conserve power. When the portable computer is in Power Save
mode, receive packets are stored in the AP until the wireless
adapter wakes up.
Preferred network One of the networks that has been configured. Such networks are
listed under Preferred networks on the Wireless Networks tab of
the Wireless Configuration Utility (Windows 2000 environment) or
Wireless Network Connection Properties (Windows XP
environment).
RADIUS Remote Authentication Dial-In User Service (RADIUS) is an
authentication and accounting system that verifies user's credentials
and grants access to requested resources.
RF Radio Frequency. The international unit for measuring frequency is
Hertz (Hz), which is equivalent to the older unit of cycles per
second. One MegaHertz (MHz) is one million Hertz. One
GigaHertz (GHz) is one billion Hertz. For reference: the standard
US electrical power frequency is 60 Hz, the AM broadcast radio
frequency band is 0.55-1.6 MHz, the FM broadcast radio
frequency band is 88-108 MHz, and microwave ovens typically
operate at 2.45 GHz.
Roaming Movement of a wireless node between two micro cells. Roaming
usually occurs in infrastructure networks built around multiple
access points. Current wireless network roaming is only supported
in the same subnet of a network.
RTS threshold The number of frames in the data packet at or above which an
RTS/CTS (request to send/clear to send) handshake is turned on
before the packet is sent. The default value is 2347.
Shared Key An encryption key known only to the receiver and sender of data.
SIM Subscriber Identity Module card is used to validate credentials with
the network. A SIM card is a special smart card that is used by
GSM-based digital cellular networks.
Silent Mode Silent Mode Access Points or Wireless Routers have been
configured to not broadcast the SSID for the wireless network.
This makes it necessary to know the SSID in order to configure the
wireless profile to connect to the access point or wireless router.
Single Sign On Single Sign On feature set allows the 802.1X credentials to match
your Windows log on user name and password credentials for
wireless network connections.
SSID Service Set Identifier. SSID or network name is a value that
controls access to a wireless network. The SSID for your wireless
network card must match the SSID for any access point that you
want to connect with. If the value does not match, you are not
granted access to the network. Each SSID may be up to 32
alphanumeric characters long and is case-sensitive.
TKIP Temporal Key Integrity Protocol improves data encryption. Wi-Fi
Protected Access uses its TKIP. TKIP provides important data
encryption enhancements including a re-keying method. TKIP is
part of the IEEE 802.11i encryption standard for wireless LANs.
TKIP is the next generation of WEP, the Wired Equivalency
Protocol, which is used to secure 802.11 wireless LANs. TKIP
provides per packet key mixing, a message integrity check and a
re-keying mechanism, thus fixing the flaws of WEP.
TLS Transport Layer Security. A type of authentication method that
uses the Extensible Authentication Protocol (EAP) and a security
protocol called the Transport Layer Security (TLS). EAP-TLS uses
certificates which use passwords. EAP-TLS authentication
supports dynamic WEP key management. The TLS protocol is
intended to secure and authenticate communications across a public
network through data encryption. The TLS Handshake Protocol
allows the server and client to provide mutual authentication and to
negotiate an encryption algorithm and cryptographic keys before
data is transmitted.
TTLS Tunneled Transport Layer Security. These settings define the
protocol and the credentials used to authenticate a user. In TTLS,
the client uses EAP-TLS to validate the server and create a TLS-
encrypted channel between the client and server. The client can use
another authentication protocol, typically a password-based
challenge protocol, over this encrypted channel to enable server validation.
The challenge and response packets are sent over a non-exposed
TLS encrypted channel. TTLS implementations today support all
methods defined by EAP, as well as several older methods (CHAP,
PAP, MS-CHAP and MS-CHAPv2). TTLS can easily be extended
to work with new protocols by defining new attributes to support
new protocols.
WEP Wired Equivalent Privacy. Wired Equivalent Privacy, 64- and 128-
bit (64-bit is sometimes referred to as 40-bit). This is a low-level
encryption technique designed to give the user about the same
amount of privacy that he would expect from a LAN. WEP is a
security protocol for wireless local area networks (WLANs)
defined in the 802.11b standard. WEP is designed to provide the
same level of security as that of a wired LAN. WEP aims to
provide security by encrypting data over radio waves so that it is protected as
it is transmitted from one end point to another.
WEP Key Either a pass phrase or hexadecimal key.
The pass phrase must be 5 ASCII characters for 64-bit WEP or 13
ASCII characters for 128-bit WEP. For pass phrases, 0-9, a-z, A-Z,
and ~!@#$%^&*()_+|`-={}|[]\:";'<>?,./ are all valid characters.
The hex key must be 10 hexadecimal characters (0-9, A-F) for 64-
bit WEP or 26 hexadecimal characters (0-9, A-F) for 128-bit WEP.
Wi-Fi Wireless Fidelity. Is meant to be used generically when referring to
any type of 802.11 network, whether 802.11b, 802.11a, or dual-band.
Wireless Router A stand-alone wireless hub that allows any computer that has a
wireless network adapter to communicate with another computer
within the same network and to connect to the Internet.
WLAN Wireless Local-Area Network. A type of local-area network that
uses high-frequency radio waves rather than wires to communicate
between nodes.
WPA Wi-Fi Protected Access (WPA) is a security enhancement that
strongly increases the level of data protection and access control to
a wireless network. WPA is an interim standard that is expected to
be replaced with the IEEE’s 802.11i standard upon its completion.
WPA consists of RC4 and TKIP and provides support for BSS
(Infrastructure) mode only. (Not compatible with WPA2.)
WPA2 Wi-Fi Protected Access 2 (WPA2). This is the second generation
of WPA that complies with the IEEE TGi specification. WPA2
consists of AES encryption, pre-authentication and PMKID
caching. It provides support for BSS (Infrastructure) mode and
IBSS (ad hoc) mode. (Not compatible with WPA.)
WPA-Enterprise Wi-Fi Protected Access-Enterprise applies to corporate users. A
new standards-based, interoperable security technology for
wireless LAN (subset of IEEE 802.11i draft standard) that encrypts
data sent over radio waves. WPA is a Wi-Fi standard that was
designed to improve upon the security features of WEP as follows:
1. Improved data encryption through the temporal key integrity
protocol (TKIP). TKIP uses a hashing algorithm to scramble
the encryption keys and adds an integrity-checking feature
to ensure that the keys have not been tampered with.
2. User authentication, which is generally missing in WEP,
through the extensible authentication protocol (EAP). WEP
regulates access to a wireless network based on a computer’s
hardware-specific MAC address, which is relatively simple
to be sniffed out and stolen. EAP is built on a more secure
public-key encryption system to ensure that only authorized
network users can access the network.
WPA-Personal Wi-Fi Protected Access-Personal provides a level of security in
the small network or home environment.
WPA-PSK Wi-Fi Protected Access-Pre-Shared Key (WPA-PSK) mode does
not use an authentication server. It can be used with the data
encryption types WEP or TKIP. WPA-PSK requires configuration
of a pre-shared key (PSK). You must enter a pass phrase or 64 hex
characters for a Pre-Shared Key of length 256-bits. The data
encryption key is derived from the PSK.
